spf-discuss

Re: Re: "/" inside an exists: domain-spec?

2005-07-18 22:55:15
In <Pine.LNX.4.44.0507182114310.13934-100000@bmsred.bmsi.com>
 "Stuart D. Gathman" <stuart@bmsi.com> writes:

The 10 MX limit is a MUST, so I think PermError is appropriate.

Question for Frank, if >10 MX are to be ignored, does that mean:

a) ignore the MX mechanism entirely

b) use only the first 10 sorted by
   i) priority,domain
   ii) priority,random

If b.i, how do you defend rather arbitrary ordering by domain?
If b.ii, how do you defend random results?

See section 5.4 "mx":
http://www.schlitt.net/spf/spf_classic/draft-schlitt-spf-classic-02.html#mech-mx

   To prevent DoS attacks, more than 10 MX names MUST NOT be looked up
   during the evaluation of an "mx" mechanism (see Section 10
   (Security Considerations)). If any address matches, the mechanism
   matches. 


So, the mx: mechanism should not be ignored, but no ordering of which
10 MX records should be checked is given.  I guess it could give an
ordering, but really, if a domain owner wants sensible results, they
shouldn't have that many MX records and use an mx: mechanism.

The same goes for PTR records and the ptr: mechanism.


I think, in practice, that you will find very few cases of more than
10 MX records.


-wayne
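The two readings of the 10-MX limit debated above (treat a domain with more than 10 MX records as a PermError, or look up only 10 of them in some arbitrary order) can be made concrete with a small evaluator of the "mx" mechanism. The code below is an added example, not code from this thread or from any SPF implementation; it uses a constructed in-memory resolver stub so it runs offline, and the `on_overflow` switch, the domain names and the addresses are all assumptions made for illustration. It also counts DNS queries, which is the quantity the limit exists to bound.

```python
# Added example: evaluating an SPF "mx" mechanism under the 10-MX lookup cap of
# draft-schlitt-spf-classic-02, section 5.4. Not from the spf-discuss thread or
# from any SPF library; the resolver is a constructed stub so it runs offline.
import ipaddress

MAX_MX_NAMES = 10  # "more than 10 MX names MUST NOT be looked up"


class PermError(Exception):
    """Raised when evaluation would violate a MUST in the spec."""


class StubResolver:
    """Constructed stand-in for DNS: records maps (name, rrtype) -> list of data."""

    def __init__(self, records):
        self.records = records
        self.query_count = 0  # counts lookups, the resource the cap protects

    def query(self, name, rrtype):
        self.query_count += 1
        return list(self.records.get((name.lower(), rrtype), []))


def evaluate_mx(resolver, domain, client_ip, prefix_len=None, on_overflow="permerror"):
    """Return True if client_ip is an address of one of domain's MX hosts.

    on_overflow (an assumed switch, not a spec term) selects what happens when a
    domain publishes more than MAX_MX_NAMES MX records:
      "permerror" - treat the MUST NOT as a hard failure (Stuart's reading);
      "truncate"  - look up only the first 10 sorted by (priority, name), an
                    arbitrary order wayne notes the spec does not mandate.
    """
    ip = ipaddress.ip_address(client_ip)
    if prefix_len is None:
        prefix_len = 32 if ip.version == 4 else 128
    mx_records = resolver.query(domain, "MX")  # list of (priority, mxname)
    if len(mx_records) > MAX_MX_NAMES:
        if on_overflow == "permerror":
            raise PermError(
                f"{domain} publishes {len(mx_records)} MX records; limit is {MAX_MX_NAMES}"
            )
        mx_records = sorted(mx_records)[:MAX_MX_NAMES]
    else:
        mx_records = sorted(mx_records)
    rrtype = "A" if ip.version == 4 else "AAAA"
    for _priority, mxname in mx_records:  # at most MAX_MX_NAMES further lookups
        for addr in resolver.query(mxname, rrtype):
            net = ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False)
            if ip in net:
                return True  # "If any address matches, the mechanism matches."
    return False


def build_demo_records():
    """Constructed zone data for the example; these are not real domains' records."""
    records = {
        ("example.org", "MX"): [(10, "mx1.example.org"), (20, "mx2.example.org"), (30, "mx3.example.org")],
        ("mx1.example.org", "A"): ["192.0.2.10"],
        ("mx2.example.org", "A"): ["192.0.2.20"],
        ("mx3.example.org", "A"): ["192.0.2.30"],
    }
    # A domain with 12 MX records, i.e. over the cap.
    records[("big.example", "MX")] = [(10 * i, f"mx{i:02d}.big.example") for i in range(1, 13)]
    for i in range(1, 13):
        records[(f"mx{i:02d}.big.example", "A")] = [f"198.51.100.{i}"]
    return records


if __name__ == "__main__":
    r = StubResolver(build_demo_records())
    print(evaluate_mx(r, "example.org", "192.0.2.20"), r.query_count)  # True, 3 lookups
    try:
        evaluate_mx(StubResolver(build_demo_records()), "big.example", "198.51.100.12")
    except PermError as e:
        print("PermError:", e)
    r = StubResolver(build_demo_records())
    print(evaluate_mx(r, "big.example", "198.51.100.12", on_overflow="truncate"), r.query_count)  # False, 11
```

Whichever reading an implementer picks, the query counter makes the security property visible: a sender cannot push the checking host past one MX query plus ten address queries per "mx" mechanism, no matter how many MX records the domain publishes. The truncating variant also shows wayne's point that which ten get checked is an arbitrary choice once a domain exceeds the limit.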